XSS is getting detected in my code.
String ref = new CellReference(rownum, columnIndex).formatAsString();
_out.write(ref);
It is detected at this line.
I have been using AppScan. I tried this:
String ref = ESAPI.encoder().encodeForHTMLAttribute(
        new CellReference(rownum, columnIndex).formatAsString());
_out.write(ref);
However, it did not work. Please help me remedy this XSS finding.
Answer 0 (score: 0)
AppScan Source does not recognize ESAPI calls as a validation mechanism out of the box. When you rescan this code, the ESAPI call should appear in the trace diagram. You can then mark the ESAPI call in the trace diagram as a validator against XSS. Once that API has been marked, any subsequent scan will drop this finding.
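As an added example (not code from the question or the answer), the same write done with the ESAPI encoder chosen to match the output context, plus an allowlist check on the reference string itself before it is written. It assumes Apache POI's CellReference and ESAPI 2.x are on the classpath with a working ESAPI.properties; the `out` Writer parameter is hypothetical and stands in for the question's `_out`.

```java
import java.io.IOException;
import java.io.Writer;
import java.util.regex.Pattern;

import org.apache.poi.ss.util.CellReference;
import org.owasp.esapi.ESAPI;

public class SafeCellReferenceWriter {
    // Allowlist for what CellReference(row, col).formatAsString() can produce
    // (no sheet name with this constructor): up to three column letters and a
    // 1-based row number, each optionally prefixed with '$' for absolute refs.
    private static final Pattern CELL_REF =
        Pattern.compile("^\\$?[A-Z]{1,3}\\$?[0-9]{1,7}$");

    /** Use when the reference lands in element text, e.g. <td>A1</td>. */
    public static void writeAsText(Writer out, int rownum, int columnIndex)
            throws IOException {
        out.write(ESAPI.encoder().encodeForHTML(checkedRef(rownum, columnIndex)));
    }

    /** Use when the reference lands inside a quoted attribute, e.g. data-cell="A1". */
    public static void writeAsAttribute(Writer out, int rownum, int columnIndex)
            throws IOException {
        out.write(ESAPI.encoder().encodeForHTMLAttribute(checkedRef(rownum, columnIndex)));
    }

    // Validate before encoding: a reference outside this grammar is a bug upstream,
    // not something output encoding should have to paper over.
    static String checkedRef(int rownum, int columnIndex) {
        String ref = new CellReference(rownum, columnIndex).formatAsString();
        if (!CELL_REF.matcher(ref).matches()) {
            throw new IllegalArgumentException("unexpected cell reference: " + ref);
        }
        return ref;
    }
}
```

Pick the method by where the string is inserted in the page; an attribute encoder on element text (or the reverse) is the usual reason an encoded write still gets flagged or still breaks.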